One more option that I haven't seen mentioned yet. As the logged in user in a term window type xhost +localhost this will allow all users to launch x applications including root. Rob -----Original Message----- From: zentara [mailto:zentara@zentara.net] Sent: Friday, May 09, 2003 7:52 AM To: suse-linux-e@suse.com Subject: Re: [SLE] SU can't connect. Why? On Fri, 9 May 2003 07:46:50 -0500 Michael Satterwhite wrote:

This one has to be simple, but I can't find a reason.

I open a Konsole, run emacs, everything is fine. I enter su and the password, try to run emacs and get the following:

Xlib: connection to ":0.0" refused by server Xlib: No protocol specified

When I tried to run the mozilla 1.3.1 installer as su, I get the same error. It looks to this relative newbie that there is something configured that su

doesn't have, but what's the missing piece?

Try running "sux" instead. Just a reminder, the $path is limited for root when running sux, so you may need to enter full paths to executables. -- use Perl; #powerful programmable prestidigitation -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

On Fri, 9 May 2003 08:56:27 -0400 Jerry Feldman wrote:

On Fri, 9 May 2003 07:46:50 -0500 Michael Satterwhite wrote:

...

This one has to be simple, but I can't find a reason.

I open a Konsole, run emacs, everything is fine. I enter su and the password, try to run emacs and get the following:

Xlib: connection to ":0.0" refused by server Xlib: No protocol specified

When I tried to run the mozilla 1.3.1 installer as su, I get the same error. It looks to this relative newbie that there is something configured that su doesn't have, but what's the missing piece? Try setting your DISPLAY variable: su export DISPLAY=localhost: Forgot the rest: export DISPLAY=localhost:0.0

-- Jerry Feldman Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9

On Friday 09 May 2003 15:18, John Pettigrew wrote:

I have a similar problem (I can run X apps using su but not sux or gnomesu) and thought this might help, but it doesn't. However, my error is "Protocol not supported by server" rather than the above.

Can anyone suggest what I might try? It used to work but doesn't any more

The cookie file for root sometimes gets confused. To solve, su to root, rm /root/.Xauthority, exit and run "sux" again

On Fri, 2003-05-09 at 09:36, Michael Satterwhite wrote:

On Friday 09 May 2003 08:01, Jerry Feldman wrote:

...

...

Try setting your DISPLAY variable: su export DISPLAY=localhost:

I tried that, but it didn't anything for me. Here's what happened:

Photon:/backups/differential # export Display=localhost:0.0 Photon:/backups/differential # emacs Xlib: connection to ":0.0" refused by server Xlib: No protocol specified

The proper procedure is: as logged in user issue xhost +localhost su export DISPLAY=localhost:0 Then you should be able to run your commands as the root user -- Ken Schneider linux user since 1994 SuSE user since 1998

On Friday 09 May 2003 9:50 am, John Pettigrew wrote:

In a previous message, Ken Schneider wrote:

...

The proper procedure is:

as logged in user issue xhost +localhost su export DISPLAY=localhost:0

Aha - that's sorted it for me, at least. Will I have to do this each time I log in / reboot? If so, can I put these commands into an automatically run file somewhere?

John -- John Pettigrew Headstrong Games john@headstrong-games.co.uk Fun : Strategy : Price http://www.headstrong-games.co.uk/ Board games that won't break the bank Knossos: escape the ever-changing labyrinth before the Minotaur catches you!

All you really have to do is to issue: xhost + one time during a boot session as a normal user. And you're good to go. I have placed this in the .bashrc file for the user I normally log in as. (and now people are going to hound me that it is a security breach) -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 05/09/03 11:13 + +----------------------------------------------------------------------------+ "What do you do when you see an endangered animal eating an endangered plant?"

On Friday 09 May 2003 11:22 am, Damian Ohara wrote:

Bruce,

It's your call. I spent a very painful few months three years ago trying to educate several hundred local users to use xauth and not xhost. Lose control of your desktop just once to someone else and you'll see what I'm getting at.

Putting "xhost +" in your . files was a disciplinable offence here :-(

Damian

Very good points all.... however, for a home user, not a problem.

...

All you really have to do is to issue:

xhost +

one time during a boot session as a normal user. And you're good to go.

I have placed this in the .bashrc file for the user I normally log in as. (and now people are going to hound me that it is a security breach)

-- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 05/09/03 11:40 + +----------------------------------------------------------------------------+ "Do students of Zen Buddhism do Om-work?"

On Fri, 2003-05-09 at 13:28, Trey Gruel wrote:

however, i would like to point out that your .bashrc isn't really a good place to put that to have it run automatically. you should put it either in your .xinitrc or .xsession. if you have it in your bashrc, it's run every time you open a new shell (including if you login remotely). the xinitrc is run when you start x from the console and the xsession is run when you log in via xdm/kdm/gdm/whatever.

Why can't anyone writing the documentation for either SuSE or XFree86 be so succinct? Thank you! I've printed this for future reference. I want to take this a step further. I want to run an X application on the login screen. As I understand it, /etc/opt/kde3/share/config/kdm/kdmrc gets "setup" by /etc/X11/xdm/Xsetup. In there, I see a latent config for starting xconsole. I can comment out the test for kdm/gdm, and get it. No problems. However... I want to be able to run this newfangled "superkaramba" thing. I got it working on my desktop, but I want it to run on the login screen. Almost every day, my wife reboots my workstation into Win98 to look at weather.com, even though she has an account in Linux, and even has Mozilla in Windows. Grumble... Anyway, I just want the "karamba_weather" thing to display. Details aside, I guess I'm looking for how this ought to work in general. I've seen various tutorials found by Googling that all I need to do is enter some lines in Xsetup, like "xterm &" or such. That "xterm" command works, but I can't use the keyboard in it. "xclock" doesn't work at all. I tried putting in an "xhost +" command in that file, just to see if that was holding me up, but it still doesn't work. What's preventing me from running an arbitrary program from Xsetup, and how can I get around it? I'd rather be running "superkaramba" as a user, obviously, but I figured the X server is running as root, and I can avoid a bunch of hassle in figuring out the process by not trying to `su - <user> -c 'foo'' right now. Anyway. While I'm at it, I added another line to /etc/X11/xdm/Xservers like so: :0 local /usr/X11R6/bin/X :0 vt07 :1 local /usr/X11R6/bin/X :1 vt08 <-- new line But I don't get the expected behavior, i.e. a second X session on <Ctrl><Alt>-F8. I mean, I could see not getting a second KDM session, but I don't even get X. How can I get one or both to happen? I hate asking this. I ought to be able to figure it out. I HATE X. Grrr... Okay, I love X. I guess it's a real "love and hate" relationship. TIA, dk -- David "Dunkirk" Krider, http://www.davidkrider.com Acts 17:28, "For in Him we live, and move, and have our being." Linux: Will you use the power for good... or for AWESOME?

On Friday 09 May 2003 15:50, John Pettigrew wrote:

In a previous message, Ken Schneider wrote:

...

The proper procedure is:

as logged in user issue xhost +localhost su export DISPLAY=localhost:0

Aha - that's sorted it for me, at least. Will I have to do this each time I log in / reboot? If so, can I put these commands into an automatically run file somewhere?

Please do not use xhost! It is completely insecure and defeats the purpose of using sux or kdesu

On Friday 09 May 2003 19:57, Bruce Marshall wrote:

...

Please do not use xhost! It is completely insecure and defeats the purpose of using sux or kdesu

And if it's a single user machine? Or even a small home network?

Then it's not so bad, but it's still a good habit to get into.

(And I use root all the time too but I'm a big boy and trust myself)

literally all the time? I would never trust myself that much. Everyone has brainfarts. And I would certainly not trust the programs, especially huge ones like kde, to run them all the time as root.

On Friday 09 May 2003 20:28, Bruce Marshall wrote:

Remember, when DOS was king, everyone ran as root and accidents didn't happen that often.

Accidents happened all the time. Only they weren't called "accidents", they were called "viruses".

On Friday 09 May 2003 20:33, John LeMay wrote:

...

Please do not use xhost! It is completely insecure and defeats the purpose of using sux or kdesu

Maybe so, and sux is a better solution, but truth is I've been using xhost for the past six or seven years and it works for me. I am in a secured environment however - firewalls, limited physical access, etc. Don't want anyone to think using xhost will break anything. Never has here!

No it won't break anything, and neither will using telnet when communicating between machines. If you're in a 100% trusted environment you can get away with lots of things. But that doesn't mean I'd advocate using telnet above ssh, and call it the "proper procedure"

On Friday 09 May 2003 20:54, John Pettigrew wrote:

In a previous message, Anders Johansson wrote:

...

Please do not use xhost! It is completely insecure and defeats the purpose of using sux or kdesu

OK, give that I've issued the xhost as someone else suggested, how do I get rid of its effects? Do I do 'xhost -localhost'?

If you ran "xhost +localhost", then "xhost -localhost" will reverse it, yes.

Once I've done that, will deleting root's .Xauthority file put me back with a working sux and gnomesu?

If your problem is the same as the one I had, then yes. But YMMV, no money back guarantee and all the rest of it :) su rm /root/.Xauthority exit sux That's what worked for me

* John [05-10-03 00:37]:

On Friday 09 May 2003 12:44, Anders Johansson wrote:

...

On Friday 09 May 2003 15:50, John Pettigrew wrote:

...

In a previous message, Ken Schneider wrote:

...

The proper procedure is:

as logged in user issue xhost +localhost su export DISPLAY=localhost:0

Aha - that's sorted it for me, at least. Will I have to do this each time I log in / reboot? If so, can I put these commands into an automatically run file somewhere?

Please do not use xhost! It is completely insecure and defeats the purpose of using sux or kdesu

Uummmm...oops. I was having a similar problem and did the xhost thing Ken said. But now that you have a better and more secure way to get sux to work correctly, how do I *undo* the xhost thing above?

xhost -localhost, or xhost - man xhost -- Patrick Shanahan Please avoid TOFU and trim >quotes< http://wahoo.no-ip.org Registered Linux User #207535 icq#173753138 @ http://counter.li.org Linux, a continuous *learning* experience

...

...

...

...

In a previous message, Ken Schneider wrote:

...

The proper procedure is:

as logged in user issue xhost +localhost su export DISPLAY=localhost:0

The reason that I use this is because I admin several *nix boxes at work and this allows me to run gui tools on my desktop without having to go to the machine and run the progs there. I actually use "xhost +" to allow those boxes to display the programs on my desktop. Yes it is not the most secure way to do things but for the local lan with mostly computer iliterates on the lan not much can go wrong. Most (95%+) get lost when they have to change their password. It just goes to show you there are many different ways to get somrthing done with linux. Use what you think is the best for your situation. Ken

On Sun, 2003-05-11 at 00:02, S. Bulterman wrote:

Hmmm, maybe use VNC through ssh tunnel.......

or just ssh -X

Ken Schneider wrote:

...

Ken Schneider wrote:

...

...

...

...

>>In a previous message, Ken Schneider wrote: >> >> >>>The proper procedure is: >>> >>>as logged in user issue xhost +localhost >>>su >>>export DISPLAY=localhost:0 >> The reason that I use this is because I admin several *nix boxes at

work

...

and this allows me to run gui tools on my desktop without having to

go to

...

the machine and run the progs there. I actually use "xhost +" to

allow

...

those boxes to display the programs on my desktop.

Yes it is not the most secure way to do things but for the local lan

with

...

mostly computer iliterates on the lan not much can go wrong. Most

(95%+)

...

get lost when they have to change their password.

It just goes to show you there are many different ways to get

somrthing

...

done with linux. Use what you think is the best for your situation.

Ken

Hmmm, maybe use VNC through ssh tunnel.......

I only use this in a LOCAL lan.

Some people are just very paranoid I guess. What part of 95+% being computer stupid don't you get?

As I said, use what works best for you in your environment.

Ken

I consider myself still 85% linux newbie... Learning every day something different... After reading some info on VNC it was very easy to setup. If i'm not mistaken KDE 3.1 uses it on display :0. There's a extension for the XFree86 4.3.0 server to use it on display :0 for every windowmanager. I like to take over display :0 (just like PC Nowhere... euh Anywhere)... Try it out.... -- Thanks in advance, Stefan -------------------------------------------------------------- Linux a world without borders, fences, windows and gates..... Titanic98 "Which computer do you want to sink today????"

You might also look up the difference between xhost and xauth, especially if the machine in question is networked. Damian Michael Satterwhite wrote:

On Friday 09 May 2003 08:42, Ken Schneider wrote:

...

as logged in user issue xhost +localhost su export DISPLAY=localhost:0

Then you should be able to run your commands as the root user

That fixed it for me, thanks. Now it's time to start looking up xhost <g>

On Friday 09 May 2003 20:51, David Krider wrote:

On Fri, 2003-05-09 at 08:04, Marshall Heartley wrote:

...

The X server is fefusing the connection. Try runnung the command using sux instead. Try sux -c emacs.

Okay, that's just plain awesome. BUT! There's no man page for `sux'. Where is the documentation on how this is supposed to work? What's happening? Is it using magic cookies or what?

It's a shell script SuSE hacked together. The "documentation" lies in looking at the script code :) Basically it takes the MIT Magic Cookie from the user that started X, and pipes it over to the user you're su:ing to, and merges it into that user's Xauthority file